MyRacing
Back to Home
PRIVACY POLICY

MyRacing Privacy Policy

Version 2.0 | March 2026

1. Data Controller

The controller of your personal data under GDPR is:

Cottage 13 Katarzyna Brodzka-Demianiuk (operating the MyRacing Service)
NIP: 5262197414 | REGON: 527220630
Registered address: Chlina 13, 42-439 Zarnowiec, Poland
Contact: contact@myracing.online

This Privacy Policy applies to the MyRacing web application (app.myracing.online) and mobile applications (iOS and Android), collectively the "Service".

2. Information We Collect

2.1 Information You Provide

  • Account information: name, email address, password (bcrypt hashed), country
  • Profile information: racing preferences, motorcycle details, setup configurations
  • Racing data: lap times, tire information, maintenance records, performance analytics
  • Payment information: handled entirely by Stripe; we do not store card details

2.2 Collected Automatically

  • Device information: device type, operating system
  • Usage data: features accessed, session duration
  • Log data: IP address, browser type, access times

Collected via server-side logging only. No third-party advertising or tracking cookies are used.

2.3 Third-Party Authentication

If you use Google Sign-In, we receive your name and email from Google to create or link your account. We do not receive or store your Google password.

3. Legal Basis for Processing (GDPR Article 6)

  • Contract (Art. 6(1)(b)): account registration, delivering the Service, processing payments
  • Legitimate interests (Art. 6(1)(f)): security monitoring, fraud prevention, service improvement
  • Legal obligation (Art. 6(1)(c)): retaining payment records under Polish tax law
  • Consent (Art. 6(1)(a)): optional processing such as marketing; withdrawable at any time

4. How We Use Your Information

  • Provide, maintain, and improve the Service
  • Process transactions and manage subscriptions via Stripe
  • Send technical notices and support messages
  • Analyse usage patterns to enhance user experience
  • Generate anonymised aggregated analytics
  • Comply with legal obligations

5. Data Sharing and Disclosure

We do not sell your personal data. We share it only as follows:

5.1 Service Providers

  • Stripe, Inc. (USA) — payment processing and transactional emails. Transfer mechanism: Standard Contractual Clauses (SCCs). DPA included in Stripe standard terms.
  • Google LLC (USA) — authentication (Google Sign-In). Transfer mechanism: SCCs. DPA included in Google standard terms.
  • Hostinger International Ltd. (EU/Lithuania) — hosting, VPS infrastructure, and transactional email (account verification, password reset). Data stored within the EU. No third-country transfer.
  • AI service (self-hosted Ollama on controller-owned infrastructure) — AI Racing Coach query processing. No third-party processor.

5.2 Legal Requirements

We may disclose data where required by law or to protect the rights and safety of MyRacing or our users.

5.3 Business Transfers

In a merger or acquisition your data may transfer. We will notify you before it becomes subject to a different privacy policy.

6. International Data Transfers

Where data is transferred outside the EEA (specifically via Stripe and Google, both US-based), we ensure protection via Standard Contractual Clauses approved by the European Commission. All other processing occurs within the EU. Contact us for details of safeguards for any specific transfer.

7. Data Retention

  • Account and profile data: retained for account duration; deleted within 30 days of account closure
  • Racing and performance data: retained for account duration; deleted with account
  • Payment and transaction records: 5 years from transaction date (Polish tax law)
  • Server log data: maximum 12 months, then deleted
  • AI Racing Coach queries: not stored in persistent form linked to your identity

8. Data Security

  • HTTPS/TLS encryption in transit
  • bcrypt password hashing
  • CSRF protection on all state-changing operations
  • Access controls limiting data to authorised personnel
  • Regular security assessments

9. Your Rights Under GDPR

  • Access (Art. 15): request a copy of your data
  • Rectification (Art. 16): request correction of inaccurate data
  • Erasure (Art. 17): request deletion, subject to legal retention obligations
  • Restriction (Art. 18): request limits on how we use your data
  • Portability (Art. 20): receive your data in machine-readable format
  • Object (Art. 21): object to processing based on legitimate interests
  • Withdraw consent (Art. 7(3)): at any time for consent-based processing
  • Lodge a complaint (Art. 77): with the Polish DPA — Urzad Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warsaw, www.uodo.gov.pl — or your local supervisory authority

To exercise these rights: contact@myracing.online or use self-service tools at app.myracing.online/profile. We respond within 30 days.

10. Children's Privacy

The Service is not directed to anyone under 16. We do not knowingly collect data from children under 16. Contact us immediately if you believe we have done so.

11. Cookies and Tracking

We use only technically necessary session tokens for authentication. No advertising or third-party tracking cookies are used. Usage data is collected via server-side logging only.

12. Changes to This Policy

We will notify you of material changes by email and/or notice within the Service at least 14 days before they take effect.

13. Contact

Cottage 13 Katarzyna Brodzka-Demianiuk (operating as MyRacing)
Email: contact@myracing.online
Website: https://myracing.online
Address: Chlina 13, 42-439 Zarnowiec, Poland

We respond to all data protection enquiries within 30 days.

© 2026 Cottage 13 Katarzyna Brodzka-Demianiuk. All rights reserved. MyRacing is a product of Cottage 13.